UNPKG

@videojs/http-streaming/docs/hlse.md

Version:

874 BMarkdownView Raw

1# Encrypted HTTP Live Streaming
2The [HLS spec](http://tools.ietf.org/html/draft-pantos-http-live-streaming-13#section-6.2.3) requires segments to be encrypted with AES-128 in CBC mode with PKCS7 padding. You can encrypt data to that specification with a combination of [OpenSSL](https://www.openssl.org/) and the [pkcs7 utility](https://github.com/brightcove/pkcs7). From the command-line:
3
4```sh
5# encrypt the text "hello" into a file
6# since this is for testing, skip the key salting so the output is stable
7# using -nosalt outside of testing is a terrible idea!
8echo -n "hello" | pkcs7 | \
9openssl enc -aes-128-cbc -nopad -nosalt -K $KEY -iv $IV > hello.encrypted
10
11# xxd is a handy way of translating binary into a format easily consumed by
12# javascript
13xxd -i hello.encrypted
14```
15
16Later, you can decrypt it:
17
18```sh
19openssl enc -d -nopad -aes-128-cbc -K $KEY -iv $IV
20```

1	`# Encrypted HTTP Live Streaming`
2	`The [HLS spec](http://tools.ietf.org/html/draft-pantos-http-live-streaming-13#section-6.2.3) requires segments to be encrypted with AES-128 in CBC mode with PKCS7 padding. You can encrypt data to that specification with a combination of [OpenSSL](https://www.openssl.org/) and the [pkcs7 utility](https://github.com/brightcove/pkcs7). From the command-line:`
3
4	```sh
5	`# encrypt the text "hello" into a file`
6	`# since this is for testing, skip the key salting so the output is stable`
7	`# using -nosalt outside of testing is a terrible idea!`
8	`echo -n "hello" \| pkcs7 \| \`
9	`openssl enc -aes-128-cbc -nopad -nosalt -K $KEY -iv $IV > hello.encrypted`
10
11	`# xxd is a handy way of translating binary into a format easily consumed by`
12	`# javascript`
13	`xxd -i hello.encrypted`
14	```
15
16	`Later, you can decrypt it:`
17
18	```sh
19	`openssl enc -d -nopad -aes-128-cbc -K $KEY -iv $IV`
20	```